The National Privacy Commission is “currently validating information that says 879,699 Facebook accounts of Filipino netizens have allegedly been compromised.” They are part of the large-scale breach affecting 533 million global users of Facebook in 2019.
A statement from the NPC said it had “immediately reached out to Facebook’s Philippine Data Privacy Officer to gather more information on the matter.”
The agency could have saved a lot of time trying to validate the information and could have asked Facebook to explain immediately why users or the agency were not informed about the breach that happened in 2019.
Facebook is downplaying this incident calling the leak “old data.” Yes, this happened in 2019, but was the NPC informed about it?
Who is affected?
I asked my source to check the file and he said details of journalists, government officials, celebrities, students, teachers, and even ordinary employees are there. It’s a one big data dump of random Facebook users. Information includes names, birthdays, phone numbers, users’ unique FB ID, emails, relationship status, occupations, and account creation dates.
Is your account compromised?
If you need to verify if your data is among the 533 million users leaked in 2019, here’s what you need to do:
- Go to the hacker forum (use Google to search) and download the database per country for free or you can download the whole 77.2GB database of leaked Facebook accounts. It’s not that easy though, you need to register and send eight credits to get the link to the file. You can get credits by upgrading your account for a fee of 20 to 50 euros, you can also access the data by purchasing credits for 8 euros and by posting contents that others could access by paying you in credits. Just don’t forget that this is a hacking forum, be careful of what you share.
- There’s an easy way to know if your account is one of the millions of compromised users. Go to “Have I Been Pwned (HIBP)” website at www.haveibeenpwnd.com; input your phone number and see if your number is compromised or “pwned”. This method would just tell you if your account is compromised, but you can not see what other details in your account that were exposed.
- The leaked information is NOT an issue if the details you submitted to Facebook are not confidential. If the mobile number for example you used on Facebook is publicly accessible, then there would be no problem. However, if your mobile number is only available to your closest friends then this breach could be a major concern. If you set your occupation or relationship status to private on your profile, then this data leak could make that visible to the public.
- While this 2019 Facebook data breach does not expose your password, the most logical move you could do when there’s a data leak is to change it. It is recommended to use a passphrase instead of a password, a passphrase is just like a password but made up of words and spaces, it’s easier to remember but harder to crack. You also need to enable two-factor authentication or 2FA to put an extra level of protection to your account. Go to settings and check security, from there, follow instructions to enable 2FA. In 2020, 99 percent of hacked accounts have something in common, users did not use 2FA.
We can not do anything about the exposed data, but this data leak could be a lesson to all of us. It is not wise to put online the things that we don’t want the public to know.